HP A5830 Switch Series Layer 3 - IP Services. Command Reference. Abstract

Transcription

1 HP A5830 Switch Series Layer 3 - IP Services Command Reference Abstract This document describes the commands and command syntax options available for the HP A Series products. This document is intended for network planners, field technical support and servicing engineers, and network administrators who work with HP A Series products. Part number: Software version: Release 1109 Document version: 6W

2 Legal and notice information Copyright 2011 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

3 Contents ARP configuration commands 1 arp max-learning-num 1 arp static 2 arp timer aging 2 display arp 3 display arp ip-address 4 display arp timer aging 5 mac-address station-move 6 reset arp 6 Gratuitous ARP configuration commands 8 arp send-gratuitous-arp 8 gratuitous-arp-sending enable 9 gratuitous-arp-learning enable 9 Proxy ARP configuration commands 11 display local-proxy-arp 11 display proxy-arp 11 local-proxy-arp enable 12 proxy-arp enable 13 IP addressing configuration commands 14 display ip interface 14 display ip interface brief 16 ip address 18 DHCP server configuration commands 20 bims-server 20 bootfile-name 20 dhcp enable 21 dhcp server apply ip-pool 22 dhcp select server global-pool 22 dhcp server detect 23 dhcp server forbidden-ip 24 dhcp server ip-pool 25 dhcp server ping packets 26 dhcp server ping timeout 26 dhcp server relay information enable 27 dhcp server threshold 28 display dhcp server conflict 29 display dhcp server expired 29 display dhcp server free-ip 31 display dhcp server forbidden-ip 31 display dhcp server ip-in-use 32 display dhcp server statistics 34 display dhcp server tree 35 dns-list 37 domain-name 38 expired 38 forbidden-ip 39 gateway-list 40 iii

4 nbns-list 41 netbios-type 41 network 42 network ip range 43 network mask 44 next-server 44 option 45 reset dhcp server conflict 46 reset dhcp server ip-in-use 46 reset dhcp server statistics 47 static-bind client-identifier 47 static-bind ip-address 48 static-bind mac-address 49 tftp-server domain-name 50 tftp-server ip-address 51 vendor-class-identifier 51 voice-config 52 DHCP relay agent configuration commands 54 dhcp relay address-check enable 54 dhcp relay check mac-address 55 dhcp relay client-detect enable 55 dhcp relay information circuit-id format-type 56 dhcp relay information circuit-id string 57 dhcp relay information enable 57 dhcp relay information format 58 dhcp relay information remote-id format-type 59 dhcp relay information remote-id string 60 dhcp relay information strategy 60 dhcp relay release ip 61 dhcp relay security static 62 dhcp relay security refresh enable 62 dhcp relay security tracker 63 dhcp relay server-detect 64 dhcp relay server-group 64 dhcp relay server-select 65 dhcp select relay 66 display dhcp relay 67 display dhcp relay information 68 display dhcp relay security 69 display dhcp relay security statistics 70 display dhcp relay security tracker 71 display dhcp relay server-group 72 display dhcp relay statistics 72 reset dhcp relay statistics 74 DHCP client configuration commands 76 display dhcp client 76 ip address dhcp-alloc 78 DHCP snooping configuration commands 80 dhcp-snooping 80 dhcp-snooping binding database filename 80 dhcp-snooping binding database update interval 81 dhcp-snooping binding database update now 82 dhcp-snooping check mac-address 82 iv

5 dhcp-snooping check request-message 83 dhcp-snooping information circuit-id format-type 84 dhcp-snooping information circuit-id string 84 dhcp-snooping information enable 85 dhcp-snooping information format 86 dhcp-snooping information remote-id format-type 87 dhcp-snooping information remote-id string 87 dhcp-snooping information strategy 88 dhcp-snooping trust 89 display dhcp-snooping 90 display dhcp-snooping binding database 91 display dhcp-snooping information 92 display dhcp-snooping packet statistics 93 display dhcp-snooping trust 94 reset dhcp-snooping 95 reset dhcp-snooping packet statistics 95 BOOTP client configuration commands 96 display bootp client 96 ip address bootp-alloc 97 IPv4 DNS configuration commands 98 display dns domain 98 display dns host 99 display dns server 100 display ip host 101 dns domain 102 dns resolve 103 dns server 103 ip host 104 reset dns host 105 IP performance optimization configuration commands 106 display fib 106 display fib ip-address 108 display icmp statistics 109 display ip socket 110 display ip statistics 114 display tcp statistics 115 display udp statistics 118 ip forward-broadcast (interface view) 119 ip forward-broadcast (system view) 120 ip redirects enable 120 ip ttl-expires enable 121 ip unreachables enable 121 reset ip statistics 122 reset tcp statistics 122 reset udp statistics 123 tcp path-mtu-discovery 123 tcp timer fin-timeout 124 tcp timer syn-timeout 125 tcp window 125 UDP Helper configuration commands 127 display udp-helper server 127 reset udp-helper packet 127 udp-helper enable 128 v

6 udp-helper port 129 udp-helper server 129 IPv6 basics configuration commands 131 display ipv6 fib 131 display ipv6 fib ipv6-address 132 display ipv6 interface 134 display ipv6 nd snooping 138 display ipv6 neighbors 139 display ipv6 neighbors count 141 display ipv6 pathmtu 142 display ipv6 socket 143 display ipv6 statistics 145 display tcp ipv6 statistics 148 display tcp ipv6 status 151 display udp ipv6 statistics 152 ipv6 153 ipv6 address 154 ipv6 address anycast 154 ipv6 address auto 155 ipv6 address auto link-local 156 ipv6 address eui ipv6 address link-local 157 ipv6 hoplimit-expires enable 158 ipv6 icmp-error 159 ipv6 icmpv6 multicast-echo-reply enable 159 ipv6 nd autoconfig managed-address-flag 160 ipv6 nd autoconfig other-flag 160 ipv6 nd dad attempts 161 ipv6 nd hop-limit 162 ipv6 nd ns retrans-timer 162 ipv6 nd nud reachable-time 163 ipv6 nd ra halt 164 ipv6 nd ra interval 164 ipv6 nd ra no-advlinkmtu 165 ipv6 nd ra prefix 166 ipv6 nd ra router-lifetime 166 ipv6 nd snooping enable 167 ipv6 nd snooping max-learning-num 168 ipv6 neighbor 168 ipv6 neighbor stale-aging 169 ipv6 neighbors max-learning-num 170 ipv6 pathmtu 171 ipv6 pathmtu age 171 ipv6 prefer temporary-address 172 ipv6 unreachables enable 173 reset ipv6 nd snooping 173 reset ipv6 neighbors 174 reset ipv6 pathmtu 174 reset ipv6 statistics 175 reset tcp ipv6 statistics 175 reset udp ipv6 statistics 176 tcp ipv6 timer fin-timeout 176 tcp ipv6 timer syn-timeout 177 tcp ipv6 window 177 vi

7 DHCPv6 configuration commands 179 DHCPv6 common configuration commands 179 display ipv6 dhcp duid 179 DHCPv6 relay agent configuration commands 179 display ipv6 dhcp relay server-address 179 display ipv6 dhcp relay statistics 181 ipv6 dhcp relay server-address 182 reset ipv6 dhcp relay statistics 183 DHCPv6 client configuration commands 184 display ipv6 dhcp client 184 display ipv6 dhcp client statistics 185 reset ipv6 dhcp client statistics 187 DHCPv6 snooping configuration commands 187 display ipv6 dhcp snooping trust 187 display ipv6 dhcp snooping user-binding 188 ipv6 dhcp snooping enable 189 ipv6 dhcp snooping max-learning-num 189 ipv6 dhcp snooping trust 190 ipv6 dhcp snooping vlan enable 191 reset ipv6 dhcp snooping user-binding 191 Tunneling configuration commands 193 default 193 description 193 destination 194 display interface tunnel 195 display ipv6 interface tunnel 198 encapsulation-limit 202 interface tunnel 203 mtu 203 reset counters interface 204 service-loopback-group 204 service 205 shutdown 206 source 207 tunnel bandwidth 208 tunnel discard ipv4-compatible-packet 208 tunnel-protocol 209 Support and other resources 211 Contacting HP 211 Subscription service 211 Related information 211 Documents 211 Websites 211 Conventions 212 Index 214 vii

8 ARP configuration commands arp max-learning-num Parameter s Use the arp max-learning-num command to configure the maximum number of dynamic ARP entries that an interface can learn. Use the undo arp max-learning-num command to restore the default. By default, a Layer 2 interface does not limit the number of dynamic ARP entries. The maximum number of dynamic ARP entries that a Layer 3 interface can learn is When the number argument is set to 0, the interface is disabled from learning dynamic ARP entries. arp max-learning-num number undo arp max-learning-num Layer 2 Ethernet port view, Layer 3 Ethernet port view, VLAN interface view, Layer 2 aggregate interface view number: Specifies the maximum number of dynamic ARP entries that an interface can learn, ranging from 0 to # Specify VLAN-interface 40 to learn up to 500 dynamic ARP entries. [Sysname] interface vlan-interface 40 [Sysname-Vlan-interface40] arp max-learning-num 500 # Specify GigabitEthernet 1/0/1 to learn up to 1000 dynamic ARP entries. [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] arp max-learning-num 1000 # Specify Layer 2 aggregate interface bridge-aggregation 1 to learn up to 1000 dynamic ARP entries. [Sysname] interface bridge-aggregation 1 [Sysname-Bridge-Aggregation1] arp max-learning-num

9 arp static Use the arp static command to configure a static ARP entry in the ARP mapping table. Use the undo arp command to remove an ARP entry. A static ARP entry is effective when the device works normally. However, when the VLAN or VLAN interface to which an ARP entry corresponds is deleted, the entry, if long, will be deleted, and, if short and resolved, will become unresolved. The vlan-id argument specifies the VLAN corresponding to an ARP entry and must be the ID of an existing VLAN. In addition, the Ethernet interface following the argument must belong to that VLAN. The VLAN interface of the VLAN must have been created. If both the vlan-id and ip-address arguments are specified, the IP address of the VLAN interface corresponding to the vlan-id argument must be in the same network segment as the IP address specified by the ip-address argument. Related commands: reset arp and display arp. arp static ip-address mac-address [ vlan-id interface-type interface-number ] undo arp ip-address System view ip-address: Specifies the IP address in an ARP entry. mac-address: Specifies the MAC address in an ARP entry, in the format H-H-H. vlan-id: Specifies the ID of a VLAN to which a static ARP entry belongs, ranging from 1 to interface-type interface-number: Specifies the interface type and interface number. # Configure a static ARP entry, with IP address , MAC address 00e0-fc , and outbound interface GigabitEthernet 1/0/1 of VLAN 10. [Sysname] arp static e0-fc GigabitEthernet 1/0/1 arp timer aging Use the arp timer aging command to set the age timer for dynamic ARP entries. Use the undo arp timer aging command to restore the default. By default, the age timer for dynamic ARP entries is 20 minutes. 2

10 Related commands: display arp timer aging. arp timer aging aging-time undo arp timer aging Parameter System view aging-time: Specifies the age timer for dynamic ARP entries in minutes, ranging from 1 to # Set the age timer for dynamic ARP entries to 10 minutes. [Sysname] arp timer aging 10 display arp Use the display arp command to display ARP entries in the ARP mapping table. If no parameter is specified, all ARP entries are displayed. Related commands: arp static and reset arp. display arp [ [ all dynamic static ] [ slot slot-number ] vlan vlan-id interface interface-type interface-number ] [ count verbose ] [ { begin exclude include } regular-expression ] Any view 1: Monitor level all: Displays all ARP entries. dynamic: Displays dynamic ARP entries. static: Displays static ARP entries. slot slot-number: Displays the ARP entries on a specified IRF member switch. The slot-number argument specifies the ID of an IRF member switch. The value range for the argument depends on the number of member switches and their member IDs in the IRF fabric, which you can display with the display irf command. On a standalone device, the slot-number argument specifies the ID of the device. vlan vlan-id: Displays the ARP entries of the specified VLAN. The VLAN ID ranges from 1 to

11 s interface interface-type interface-number: Displays the ARP entries of the interface specified by the argument interface-type interface-number. count: Displays the number of ARP entries. verbose: Displays detailed information about ARP entries. : Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the information of all ARP entries. <Sysname> display arp all Type: S-Static D-Dynamic IP Address MAC Address VLAN ID Interface Aging Type e0-fc N/A GE1/0/1 20 D f-9550 N/A GE1/0/1 5 D d-88f7-b090 N/A GE1/0/1 17 D e0-4c3d-35d7 N/A GE1/0/1 15 D Table 1 Command output Field IP Address MAC Address VLAN ID Interface Aging Type IP address in an ARP entry MAC address in an ARP entry ID of the VLAN to which the ARP entry belongs Outbound interface in an ARP entry Aging time for a dynamic ARP entry in minutes ("DIS" or N/A means unknown aging time or no aging time) ARP entry type: D for dynamic S for static # Display the number of all ARP entries. <Sysname> display arp all count Total Entry(ies): 4 display arp ip-address Use the display arp ip-address command to view the ARP entry for a specified IP address. Related commands: arp static and reset arp. 4

12 display arp ip-address [ slot slot-number ] [ verbose ] [ { begin exclude include } regular-expression ] Any view 1: Monitor level ip-address: Displays the ARP entry for the specified IP address. slot slot-number: Displays the ARP entries on a specified IRF member switch. The slot-number argument specifies the ID of an IRF member switch. The value range for the argument depends on the number of member switches and their member IDs in the IRF fabric, which you can display with the display irf command. On a standalone device, the slot-number argument specifies the ID of the device. verbose: Displays the detailed information about ARP entries. : Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the corresponding ARP entry for the IP address <Sysname> display arp Type: S-Static D-Dynamic IP Address MAC Address VLAN ID Interface Aging Type e0-fc N/A N/A N/A S display arp timer aging Use the display arp timer aging command to view the age timer for dynamic ARP entries. Related commands: arp timer aging. display arp timer aging [ { begin exclude include } regular-expression ] Any view 5

13 : Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the age timer for dynamic ARP entries. <Sysname> display arp timer aging Current ARP aging time is 10 minute(s) mac-address station-move Use the mac-address station-move quick-notify enable command to enable ARP quick update. Use the undo mac-address station-move quick-notify enable command to restore the default. By default, ARP quick update is disabled. mac-address station-move quick-notify enable undo mac-address station-move quick-notify enable System view None reset arp # Enable ARP quick update. [Sysname] mac-address station-move quick-notify enable Use the reset arp command to clear ARP entries from the ARP mapping table. Related commands: arp static and display arp. 6

14 reset arp { all dynamic static slot slot-number interface interface-type interface-number } User view all: Clears all ARP entries. dynamic: Clears all dynamic ARP entries. static: Clears all static ARP entries. slot slot-number: Clears the ARP entries on a specified IRF member switch. The slot-number argument specifies the ID of an IRF member switch. The value range for the argument depends on the number of member switches and their member IDs in the IRF fabric, which you can display with the display irf command. On a standalone device, the slot-number argument specifies the ID of the device. interface interface-type interface-number: Clears the ARP entries for the interface specified by the argument interface-type interface-number. # Clear all static ARP entries. <Sysname> reset arp static 7

15 Gratuitous ARP configuration commands arp send-gratuitous-arp Parameter Use the arp send-gratuitous-arp command to enable periodic sending of gratuitous ARP packets and set the sending interval for the interface. Use the undo arp send-gratuitous-arp command to disable the interface from periodically sending gratuitous ARP packets. By default, an interface is disabled from sending gratuitous ARP packets periodically. This function takes effect only when the link of the enabled interface goes up and an IP address has been assigned to the interface. The IP address contained in a gratuitous ARP request can be the VRRP virtual IP address, the primary IP address or a manually configured secondary IP address of the sending interface only. The primary IP address can be configured manually or automatically, whereas the secondary IP address must be configured manually. If you change the interval for sending gratuitous ARP packets, the configuration is effective at the next sending interval. The frequency of sending gratuitous ARP packets may be much lower than is expected if this function is enabled on multiple interfaces, or each interface is configured with multiple secondary IP addresses, or a small sending interval is configured in the preceding cases. arp send-gratuitous-arp [ interval milliseconds ] undo arp send-gratuitous-arp Layer 3 Ethernet port view, VLAN interface view interval milliseconds: Sets the interval at which gratuitous ARP packets are sent, ranging from 200 to 200,000 milliseconds. The default value is # Enable VLAN-interface 2 to send gratuitous ARP packets every 300 milliseconds. [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] arp send-gratuitous-arp interval 300 8

16 gratuitous-arp-sending enable Use the gratuitous-arp-sending enable command to enable a device to send gratuitous ARP packets when receiving ARP requests from another network segment. Use the undo gratuitous-arp-sending enable command to restore the default. By default, a device cannot send gratuitous ARP packets when receiving ARP requests from another network segment. gratuitous-arp-sending enable undo gratuitous-arp-sending enable System view None # Disable a device from sending gratuitous ARP packets. [Sysname] undo gratuitous-arp-sending enable gratuitous-arp-learning enable Use the gratuitous-arp-learning enable command to enable the gratuitous ARP packet learning function. Use the undo gratuitous-arp-learning enable command to disable the function. By default, the function is enabled. With this function enabled, a device receiving a gratuitous ARP packet can add the source IP and MAC addresses to its own dynamic ARP table if it finds that no ARP entry exists in the cache corresponding to the source IP address of the ARP packet. If a matching ARP entry is found in the cache, the device updates the ARP entry regardless of whether this function is enabled. gratuitous-arp-learning enable undo gratuitous-arp-learning enable System view 9

17 None # Enable the gratuitous ARP packet learning function. [Sysname] gratuitous-arp-learning enable 10

18 Proxy ARP configuration commands display local-proxy-arp Use the display local-proxy-arp command to view the status of the local proxy ARP. If no interface is specified, the local proxy ARP status of all interfaces is displayed. Related commands: local-proxy-arp enable. display local-proxy-arp [ interface interface-type interface-number ] [ { begin exclude include } regular-expression ] Any view interface interface-type interface-number: Displays the local proxy ARP status of the interface specified by the argument interface-type interface-number. : Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the status of the local proxy ARP on VLAN-interface 2. <Sysname> display local-proxy-arp interface vlan-interface 2 Interface Vlan-interface2 Local Proxy ARP status: enabled display proxy-arp Use the display proxy-arp command to view the proxy ARP status. If an interface is specified, the proxy ARP status of the specified interface is displayed. If no interface is specified, the proxy ARP status of all interfaces is displayed. Related commands: proxy-arp enable. 11

19 display proxy-arp [ interface interface-type interface-number ] [ { begin exclude include } regularexpression ] Any view interface interface-type interface-number: Displays the proxy ARP status of the interface specified by the argument interface-type interface-number. : Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display the proxy ARP status on VLAN-interface 1. <Sysname> display proxy-arp interface Vlan-interface 1 Interface Vlan-interface 1 Proxy ARP status: disabled local-proxy-arp enable Use the local-proxy-arp enable command to enable local proxy ARP. Use the undo local-proxy-arp enable command to disable local proxy ARP. By default, local proxy ARP is disabled. Only one IP address range can be specified by using the ip-range keyword on an interface. Related commands: display local-proxy-arp. local-proxy-arp enable [ ip-range startip to endip ] undo local-proxy-arp enable VLAN interface view, Layer 3 Ethernet port view 12

20 Parameter s ip-range startip to endip: Specifies the IP address range for which local proxy ARP is enabled. The start IP address must be lower than or equal to the end IP address. # Enable local proxy ARP on VLAN-interface 2. [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] local-proxy-arp enable # Enable local proxy ARP on VLAN-interface 2 for a specific IP address range. [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] local-proxy-arp enable ip-range to proxy-arp enable Use the proxy-arp enable command to enable proxy ARP. Use the undo proxy-arp enable command to disable proxy ARP. By default, proxy ARP is disabled. Related commands: display proxy-arp. proxy-arp enable undo proxy-arp enable VLAN interface view, Layer 3 Ethernet port view None # Enable proxy ARP on VLAN-interface 2. [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] proxy-arp enable 13

21 IP addressing configuration commands display ip interface Use the display ip interface command to display IP configuration information for a specified Layer 3 interface or all Layer 3 interfaces. display ip interface [ interface-type interface-number ] [ { begin exclude include } regular-expression ] Any view 1: Monitor level interface-type interface-number: Specifies an interface by its type and number. : Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display IP configuration information for interface VLAN-interface 1. <Sysname> display ip interface vlan-interface 1 Vlan-interface1 current state :DOWN Line protocol current state :DOWN Internet Address is /8 Primary Broadcast address : The Maximum Transmit Unit : 1500 bytes input packets : 0, bytes : 0, multicasts : 0 output packets : 0, bytes : 0, multicasts : 0 ARP packet input number: 0 Request packet: 0 Reply packet: 0 Unknown packet: 0 TTL invalid packet number: 0 ICMP packet input number: 0 14

22 Echo reply: 0 Unreachable: 0 Source quench: 0 Routing redirect: 0 Echo request: 0 Router advert: 0 Router solicit: 0 Time exceed: 0 IP header bad: 0 Timestamp request: 0 Timestamp reply: 0 Information request: 0 Information reply: 0 Netmask request: 0 Netmask reply: 0 Unknown type: 0 Table 2 Command output Field current state Line protocol current state Internet Address Broadcast address The Maximum Transmit Unit input packets, bytes, multicasts output packets, bytes, multicasts Current physical state of the interface: Administrative DOWN Interface is shut down with the shutdown command DOWN Indicates that the interface is up administratively, but its physical state is down, which may be caused by a connection or link failure UP Indicates that both the administrative and physical states of the interface are up Current state of the link layer protocol, which can be: DOWN Indicates that the protocol state of the interface is down UP Indicates that the protocol state of the interface is up UP (spoofing) Indicates that the protocol state of the interface pretends to be up; however, no corresponding link is present, or the corresponding link is not present permanently, but is established as needed IP address of an interface: Primary Identifies a primary IP address Sub Identifies a secondary IP address acquired via DHCP Identifies an IP address obtained through DHCP acquired via BOOTP Identifies an IP address obtained through BOOTP Mad Identifies a MAD IP address Broadcast address of the subnet attached to an interface Maximum transmission units on the interface, in bytes Unicast packets, bytes, and multicast packets received on an interface (the statistics start at the device startup) 15

23 Field ARP packet input number: Request packet: Reply packet: Unknown packet: TTL invalid packet number ICMP packet input number: Echo reply: Unreachable: Source quench: Routing redirect: Echo request: Router advert: Router solicit: Time exceed: IP header bad: Timestamp request: Timestamp reply: Information request: Information reply: Netmask request: Netmask reply: Unknown type: Total number of ARP packets received on the interface (the statistics start at the device startup), including: ARP request packets ARP reply packets Unknown packets Number of TTL-invalid packets received on the interface (the statistics start at the device startup) Total number of ICMP packets received on the interface (the statistics start at the device startup), including: Echo reply packets Unreachable packets Source quench packets Routing redirect packets Echo request packets Router advertisement packets Router solicitation packets Time exceeded packets IP header bad packets Timestamp request packets Timestamp reply packets Information request packets Information reply packets Netmask request packets Netmask reply packets Unknown type packets display ip interface brief Use the display ip interface brief command to display brief IP configuration information for a specified Layer 3 interface or all Layer 3 interfaces. Without the interface type and interface number specified, the brief IP configuration information for all Layer 3 interfaces is displayed. With only the interface type specified, the brief IP configuration information for all Layer 3 interfaces of the specified type is displayed. With both the interface type and interface number specified, only the brief IP configuration information for the specified interface is displayed. Related commands: display ip interface. display ip interface [ interface-type [ interface-number ] ] brief [ { begin exclude include } regularexpression ] 16

24 Any view 1: Monitor level interface-type: Specifies an interface by its type. interface-number: Specifies an interface by its number. : Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display brief IP configuration information for VLAN interfaces. <Sysname> display ip interface vlan-interface brief *down: administratively down (s): spoofing Interface Physical Protocol IP Address Vlan1 up up Vlan-inte... Vlan2 up up Vlan-inte... Table 3 Command output Field *down: administratively down (s) : spoofing Interface Physical Protocol Interface is shut down administratively with the shutdown command Spoofing attribute of the interface, which indicates that an interface may have no link present even when its link layer protocol is displayed up or the link is set up only on demand Interface name Physical state of the interface: *down Indicates that the interface is down administratively; that is, the interface is shut down with the shutdown command down Indicates that the interface is up administratively, but its physical state is down up Indicates that both the administrative and physical states of the interface are up Link layer protocol state of the interface, which can be: down Indicates that the protocol state of the interface is down up Indicates that the protocol state of the interface is up up(s) Indicates that the protocol state of the interface is up (spoofing) 17

25 Field IP Address IP address of the interface (If no IP address is configured, unassigned is displayed) Interface description information, for which up to 12 characters can be displayed If there are more than 12 characters, only the first nine characters are displayed ip address Use the ip address command to assign an IP address and mask to the interface. Use the undo ip address command to remove all IP addresses from the interface. Use the undo ip address ip-address { mask mask-length } command to remove the primary IP address. Use the undo ip address ip-address { mask mask-length } sub command to remove a secondary IP address. By default, no IP address is assigned to any interface. When assigning IP addresses to an interface, consider the following: You can assign only one primary IP address to an interface. The primary and secondary IP addresses can be located in the same network segment. Before removing the primary IP address, remove all secondary IP addresses. You cannot assign a secondary IP address to the interface that is configured to obtain one through BOOTP or DHCP. Related commands: display ip interface. ip address ip-address { mask-length mask } [ sub ] undo ip address [ ip-address { mask-length mask } [ sub ] ] Interface view ip-address: Specifies the IP address of an interface, in dotted decimal notation. mask-length: Specifies the subnet mask length, the number of consecutive ones in the mask. mask: Specifies the subnet mask in dotted decimal notation. sub: Specifies the secondary IP address for the interface. 18

26 s # Assign VLAN-interface 1 a primary IP address and a secondary IP address , with subnet masks being [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] ip address [Sysname-Vlan-interface1] ip address sub # Assign Layer 3 Ethernet port GigabitEthernet 1/0/5 a primary IP address and a secondary IP address , with subnet masks being [Sysname]interface GigabitEthernet 1/0/5 [Sysname GigabitEthernet1/0/5] port link-mode route [Sysname GigabitEthernet1/0/5] ip address [Sysname GigabitEthernet1/0/5]ip address sub 19

27 DHCP server configuration commands bims-server Use the bims-server command to specify the IP address, port number, and shared key of the BIMS server in the DHCP address pool for the client. Use the undo bims-server command to remove the specified BIMS server information. By default, no BIMS server information is specified. If you execute the bims-server command repeatedly, the latest configuration overwrites the previous one. Related commands: dhcp server ip-pool and display dhcp server tree. bims-server ip ip-address [ port port-number ] sharekey key undo bims-server DHCP address pool view ip ip-address: Specifies an IP address for the BIMS server. port port-number: Specifies a port number for the BIMS server, ranging from 1 to 65,534. sharekey key: Specifies a shared key for the BIMS server, which is a string of 1 to 16 characters. # Specify the IP address , port number 80, shared key aabbcc of the BIMS server in DHCP address pool 0 for the client. [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] bims-server ip port 80 sharekey aabbcc bootfile-name Use the bootfile-name command to specify a bootfile name in the DHCP address pool for the client. Use the undo bootfile-name command to remove the specified bootfile name. By default, no bootfile name is specified. 20

28 If you execute the bootfile-name command repeatedly, the latest configuration overwrites the previous one. Related commands: dhcp server ip-pool and display dhcp server tree. bootfile-name bootfile-name undo bootfile-name DHCP address pool view Parameter bootfile-name: Specifies the boot file name, a string of 1 to 63 characters. # Specify the bootfile name aaa.cfg in DHCP address pool 0. [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] bootfile-name aaa.cfg dhcp enable Use the dhcp enable command to enable DHCP. Use the undo dhcp enable command to disable DHCP. By default, DHCP is disabled. NOTE: You need to enable DHCP before performing DHCP server and relay agent configurations. dhcp enable undo dhcp enable System view None 21

29 # Enable DHCP. [Sysname] dhcp enable dhcp server apply ip-pool Parameter Use the dhcp server apply ip-pool command to apply an extended address pool on an interface. Use the undo dhcp server apply ip-pool command to remove the configuration. By default, no extended address pool is applied on an interface, and the server assigns an IP address from a common address pool to a client when the client's request arrives at the interface. If you execute the dhcp server apply ip-pool command on an interface, when a client's request arrives at the interface, the server attempts to assign the client the statically bound IP address first and then an IP address from this extended address pool. Only an extended address pool can be applied on an interface. The address pool to be referenced must already exist. Related commands: dhcp server ip-pool. dhcp server apply ip-pool pool-name undo dhcp server apply ip-pool [ pool-name ] Interface view pool-name: Specifies the DHCP address pool name, a case-insensitive string ranging from 1 to 35 characters. # Apply extended DHCP address pool 0 on VLAN-interface 1. [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] dhcp server apply ip-pool 0 dhcp select server global-pool Use the dhcp select server global-pool command to enable the DHCP server on specified interfaces. After the interface receives a DHCP request from a client, the DHCP server will allocate an IP address from the address pool. 22

30 Use the undo dhcp select server global-pool command to remove the configuration. Upon receiving a DHCP request from a client, the interface will neither assign an IP address to the client, nor serve as a DHCP relay agent to forward the request. Use the undo dhcp select server global-pool subaddress command to disable the support for secondary address allocation. By default, the DHCP server is enabled on an interface. dhcp select server global-pool [ subaddress ] undo dhcp select server global-pool [ subaddress ] Parameter Interface view subaddress: Supports secondary address allocation. When the DHCP server and client are on the same network segment, the server preferably assigns an IP address from an address pool that resides on the same subnet as the primary IP address of the server interface (connecting to the client). If the address pool contains no assignable IP address, the server assigns an IP address from an address pool that resides on the same subnet as the secondary IP addresses of the server interface. If the interface has multiple secondary IP addresses, each address pool is tried in turn for address allocation. Without the keyword subaddress specified, the DHCP server can only assign an IP address from the address pool that resides on the same subnet as the primary IP address of the server interface. # Enable the DHCP server on VLAN-interface 1 to assign IP addresses from the address pool that resides on the same subnet as the primary IP address of the server interface (connecting to the client) for the client. [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] dhcp select server global-pool dhcp server detect Use the dhcp server detect command to enable unauthorized DHCP server detection. Use the undo dhcp server detect command to disable the function. By default, the function is disabled. With this function enabled, upon receiving a DHCP request, the DHCP server resolves from the request the IP addresses of DHCP servers which ever offered IP addresses to the DHCP client and the receiving interface. Each server detected is recorded only once. The administrator can use this information to check for unauthorized DHCP servers. 23

31 dhcp server detect undo dhcp server detect System view None # Enable unauthorized DHCP server detection. [Sysname] dhcp server detect dhcp server forbidden-ip Use the dhcp server forbidden-ip command to exclude IP addresses from dynamic allocation. Use the undo dhcp server forbidden-ip command to remove the configuration. By default, all IP addresses in a DHCP address pool are assignable except IP addresses of the DHCP server interfaces. When you use the dhcp server forbidden-ip command to exclude an IP address that is bound to a user from dynamic assignment, the address can be still assigned to the user. When you use the undo dhcp server forbidden-ip command to remove the configuration, the specified address/address range must be consistent with the one specified with the dhcp server forbidden-ip command. If you have configured to exclude an address range from dynamic assignment, you need to specify the same address range in the undo dhcp server forbidden-ip command instead of specifying one IP address. Using the dhcp server forbidden-ip command repeatedly can exclude multiple IP address ranges from allocation. Related commands: display dhcp server forbidden-ip, dhcp server ip-pool, network, and static-bind ipaddress. dhcp server forbidden-ip low-ip-address [ high-ip-address ] undo dhcp server forbidden-ip low-ip-address [ high-ip-address ] System view 24

32 low-ip-address: Specifies the start IP address of the IP address range to be excluded from dynamic allocation. high-ip-address: Specifies the end IP address of the IP address range to be excluded from dynamic allocation. The end IP address must have a higher sequence than the start one. # Exclude the IP address range to from dynamic allocation. [Sysname] dhcp server forbidden-ip dhcp server ip-pool Use the dhcp server ip-pool command to create a DHCP address pool and enter its view. If the pool was created, you will directly enter its view. Use the undo dhcp server ip-pool command to remove the specified DHCP address pool. By default, no DHCP address pool is created. Related commands: dhcp enable and display dhcp server tree. dhcp server ip-pool pool-name [ extended ] undo dhcp server ip-pool pool-name System view pool-name: Specifies the global address pool name, which is a unique pool identifier, a string of 1 to 35 characters. extended: Specifies the address pool as an extended address pool. If this keyword is not specified, the address pool is a common address pool. # Create the common address pool identified by 0. [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] 25

33 dhcp server ping packets Parameter Use the dhcp server ping packets command to specify the maximum number of ping packets on the DHCP server. Use the undo dhcp server ping packets command to restore the default. The number defaults to 1. To avoid IP address conflicts, the DHCP server checks whether an IP address is in use before assigning it to a DHCP client. The DHCP server pings the IP address to be assigned by using ICMP. If the server gets a response within the specified period, the server selects and pings another IP address. If not, the server pings the IP address again until the specified number of ping attempts is reached. If still no response is received, the server assigns the IP address to the requesting client. dhcp server ping packets number undo dhcp server ping packets System view number: Specifies the number of ping packets, ranging from 0 to means no ping operation. # Specify the maximum number of ping packets as 10. [Sysname] dhcp server ping packets 10 dhcp server ping timeout Use the dhcp server ping timeout command to configure the ping response timeout time on the DHCP server. Use the undo dhcp server ping timeout command to restore the default. The time defaults to 500 ms. To avoid IP address conflicts, the DHCP server checks whether an IP address is in use before assigning it to a DHCP client. The DHCP server pings the IP address to be assigned by using ICMP. If the server gets a response within the specified interval, the server selects and pings another IP address. If not, the server pings the IP address again until the specified number of ping attempts is reached. If still no response is received, the server assigns the IP address to the requesting client. 26

34 dhcp server ping timeout milliseconds undo dhcp server ping timeout Parameter System view milliseconds: Specifies the response timeout value for ping packets in milliseconds, ranging from 0 to 10, means no ping operation. # Specify the response timeout time as 1000 ms. [Sysname] dhcp server ping timeout 1000 dhcp server relay information enable Use the dhcp server relay information enable command to enable the DHCP server to handle Option 82. Use the undo dhcp server relay information enable command to configure the DHCP server to ignore Option 82. By default, the DHCP server handles Option 82. dhcp server relay information enable undo dhcp server relay information enable System view None # Configure the DHCP server to ignore Option 82. [Sysname] undo dhcp server relay information enable 27

35 dhcp server threshold s Use the dhcp server threshold command to enable the DHCP server to send trap messages to the network management server when the specified threshold is reached. Use the undo dhcp server threshold command to restore the default. By default, the DHCP server does not send trap messages to the network management server. dhcp server threshold { allocated-ip threshold-value average-ip-use threshold-value max-ip-use threshold-value } undo dhcp server threshold { allocated-ip average-ip-use max-ip-use } System view allocated-ip threshold-value: Enables the DHCP server to send trap messages to the network management server when the ratio of successfully allocated IP addresses to received DHCP requests within five minutes reaches the threshold specified by the threshold-value argument. The threshold is a percentage value ranging from 1 to 100. average-ip-use threshold-value: Enables the DHCP server to send trap messages to the network management server when the average IP address utilization of an address pool within five minutes reaches the threshold specified by the threshold-value argument. The threshold is a percentage value ranging from 1 to 100. max-ip-use threshold-value: Enables the DHCP server to send trap messages to the network management server when the maximum IP address utilization of an address pool within five minutes reaches the threshold specified by the threshold-value argument. The threshold is a percentage value ranging from 1 to 100. # Enable the DHCP server to send trap messages to the network management server when the ratio of successfully allocated IP addresses to received DHCP requests within five minutes exceeds 50%. [Sysname] dhcp server threshold allocated-ip 50 # Enable the DHCP server to send trap messages to the network management server when the average IP address utilization of an address pool within five minutes exceeds 80%. [Sysname] dhcp server threshold average-ip-use 80 # Enable the DHCP server to send trap messages to the network management server when the maximum IP address utilization of an address pool within five minutes exceeds 80%. [Sysname] dhcp server threshold max-ip-use 80 28

36 display dhcp server conflict Use the display dhcp server conflict command to display information about IP address conflicts. Related commands: reset dhcp server conflict. display dhcp server conflict { all ip ip-address } [ { begin exclude include } regular-expression ] Any view 1: Monitor level all: Displays information about all IP address conflicts. ip-address: Displays conflict information for a specified IP address. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display information about all IP address conflicts. <Sysname> display dhcp server conflict all Address Discover time Apr :57: Apr :00: total 2 entry --- Table 4 Command output Field Address Discover Time Conflicted IP address Time when the conflict was discovered display dhcp server expired Use the display dhcp server expired command to view lease expiration information of specified DHCP address pools or an IP address. DHCP will assign these expired IP addresses to DHCP clients after all addresses have been assigned. 29

37 display dhcp server expired { all ip ip-address pool [ pool-name ] } [ { begin exclude include } regular-expression ] Any view 1: Monitor level all: Displays the lease expiration information of all DHCP address pools. ip ip-address: Displays the lease expiration information of a specified IP address. pool [ pool-name ]: Displays the lease expiration information of a specified address pool. The pool name is a string of 1 to 35 characters. If the pool name is not specified, the lease expiration information of all address pools is displayed. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. # Display information about lease expirations in all DHCP address pools. <Sysname> display dhcp server expired all IP address Client-identifier/ Lease expiration Type Hardware address e Apr :10:47 Release 302e d e f total 1 entry --- Table 5 Command output Field IP address Client-identifier/Hardware address Lease expiration Type Expired IP addresses IDs or MACs of clients whose IP addresses were expired The lease expiration time Types of lease expirations This field is set to Release 30